<html>
<head>
<title>CheckLogin</title>
    <style type="text/css">
<!--
body {
	background-color: #CCFFFF;
}
-->
    </style>
<!--<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head>-->
<body>
 <?
    $username = $_POST['txtUsername'];
    $password = md5($_POST['txtPassword']);
//    echo $username." AND ".$_POST['txtPassword']." AND ".$password."<BR>";
    if(isset($_GET['login']) and !empty($username) and !empty($password)){
	$login = new MySQL(_MySQL);
	$login->Query("select no,title,firstname,lastname from staff where citizenid='".$login->AntiHack($username)."' and password='".$login->AntiHack($password)."'");
//        echo "num: ".$login->Num();
	if($login->Num() == 1){
		$ret = $login->FObject();
		$loginTime = time();
		$_SESSION[_Session.'_staff_id'] = $ret->no;
		$_SESSION[_Session.'_userhash'] = md5($ret->no.sprintf("%08x",$loginTime));
		$login->Update('staff',array('checkcount'=>1,'lastlogin' => 'NOW()')," where no='$ret->no' limit 1");
//                echo "session: ".$_SESSION[_Session.'_staff_id']." AND ".$_SESSION[_Session.'_userhash'];
//                echo "login is true";
            ?>
                <script>
                    window.location="/regisonline/template?phppage=adminedit.php&pass";
                </script>
            <?   
	}else{
            ?>
        <script>
            alert("USERNAME OR PASSWORD IS WRONG!")
            window.location="/regisonline/template?phppage=home.php&nopass";
        </script>
            <? 
        } 
}else{
            ?>
        <script>
            alert("USERNAME OR PASSWORD IS WRONG!")
            window.location="/regisonline/template?phppage=home.php&signin";
        </script>
            <? 
}
 ?>
</body>
</html>